Cloud storage services allow a user to store information, such as computer files, in a remote storage destination located “on line” or “in the cloud”. The remote storage destination may be located geographically far away from whatever computing node the user works with. The remote storage may communicate with the user's computing node over a local area network (LAN), a wide area network (WAN), and/or the Internet. The remote storage destination device may include a cloud storage service, a remote IP addressable hard drive, a laptop computer, and the like. The cloud storage network may be owned and/or operated by the user, the user's organization (e.g., a corporations information technology (IT) group), or a third party. Cloud based storage provides a convenience for the user in that he or she does not need to maintain the hardware associated with such storage. Further, the user may access his or her information stored in the cloud via various computing nodes located in dispersed geographic locations.
A system of computing nodes comprising: a first computing node comprising a first secure cryptoprocessor having out-of-band non-volatile first memory that stores a hardware-based first private key that is non-visible to a first operating system (OS) for the first computing node; a second computing node comprising a second secure cryptoprocessor having out-of-band non-volatile second memory that stores a hardware-based second private key that is non-visible to a second OS for the second computing node and that corresponds to a second public key; and at least one non-transitory storage medium having instructions stored thereon to cause: the first computing node to: receive the second public key; determine a first session key and encrypt first information with the first session key; encrypt the first session key with the second public key; bind the encrypted first session key to the encrypted first information; and communicate the bound encrypted first session key and encrypted first information to cloud based storage; and the second computing node to receive and decrypt the bound encrypted first session key with the second private key, while the second private key is still located within the second cryptoprocessor, and the encrypted first information with the decrypted first session key wherein the at least one medium further comprises instructions to cause: the first secure cryptoprocessor to encrypt the first private key and communicate the encrypted first private key to the first computing node; the first computing node to communicate the encrypted first private key to the third computing node; and the second computing node to receive the encrypted first private key from the third computing node.